AMENDMENTS TO THE CLAIMS 

1 . (Currently amended) A method for applying a quality of service to an encrypted packet 
comprising: 

during initial establishment of a secure control channel, receiving and storing an 

identifier associated with the quality of service; 
examining an encrypted packet; 

without decrypting the encrypted packet, determining whether an-the identifier associated 
with the quality of service is present in a profile portion of the encrypted packet; 

in response to determining that the identifier is present in the encrypted packet, applying 
the associated quality of service to the encrypted packet. 

2. (Previously presented) The method of claim 1, further comprising the steps of: 
before the examining: 

encrypting the packet, wherein said step of encryption includes establishing said 
identifier in the packet. 

3. (Original) The method of claim 1, wherein said identifier is based on at least on an 
Internet Key Exchange (IKE) ID stored in the packet. 

4. (Original) The method of claim 3, wherein the Internet Key Exchange (IKE) ID 
comprises one or more of ID_IPV4_ADDR, ID_FQDN, ID_USER_FQDN, 
ID_IPV4_ADDR_SUBNET, ID_IPV6_ADDR, ID_IPV6_ADDR_SUBNET, 
ID_IPV4_ADDR_RANGE, ID_IPV6_ADDR_RANGE, ID_DER_ASN1_DN, 
ID_DER_ASN1_GN, and ID_KEY_ID. 

5. (Original) The method of claim 1, wherein the identifier is based on at least an entry 
in a security association database. 
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6. (Previously presented) The method of claim 1, wherein said identifier maps to a 

quality of service (QoS) group. 



7. (Original) The method of claim 2, wherein the identifier is established in a profile of 
the packet. 

8. (Original) The method of claim 7, wherein the profile is an ISAKMP profile. 

9. (Original) The method of claim 2, further comprising a step of pre-classification of 
the packet prior to the step of encryption. 

10. (Previously presented) The method of claim 9, wherein the quality of service that 
is applied is selected based on both the identifier and pre-classification. 

1 1 . (Currently amended) A method for applying a quality of service to a packet comprising: 
during initial establishment of a secure control channel receiving and storing an 

identifier associated with the quality of service; 
encrypting the packet to create an encrypted packet; 

examining an identifier in a profile portion of the encrypted packet, wherein the identifier 

is based on an IKE ID of the encrypted packet; 
without decrypting the encrypted packet, determining whether the identifier in the 

encrypted packet is associated with a quality of service to be applied to the 

encrypted packet; and 

in response to determining that the identifier is associated with a quality of service to be 
applied to the encrypted packet, applying the quality of service to the encrypted 
packet. 

12. (Previously presented) The method of claim 11, further comprising the step of: 
prior to the step of encrypting, pre-classifying the packet based on the contents of the 

packet; 
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wherein the quality of service that is applied to the packet is selected partially based the 
step of pre-classification and partially based on the identifier. 



1 3 . (Previously presented) 



The method of claim 11, further comprising the step of: 



during encryption, copying at least one bit into a header to identify a characteristic of the 
packet; 

wherein the quality of service that is applied to the packet is selected partially based on a 
value of the at least one bit and partially based on the identifier. 

14. (Currently amended) A computer-readable medium comprising one or more sequences 
of instructions, which when executed by one or more processors, cause the one or more 
processors to carry out the steps recited in claim l perform applying a quality of service to 
an encrypted packet by: 

during initial establishment of a secure control channel, receiving and storing an 

identifier associated with the quality of service; 
examining an encrypted packet; 

without decrypting the encrypted packet, determining whether the identifier associated 
with the quality of service is present in a profile portion of the encrypted packet; 
in response to determining that the identifier is present in the encrypted packet, applying 



15. (Currently amended) A -The computer-readable medium of claim 14 comprising one or 
more sequences of instructions, which when executed by one or more processors, cause 
the one or more processors to carry out the steps recited in claim 2 
before the examining: 

encrypting the packet, wherein said step of encryption includes establishing said 



the associated quality of service to the encrypted packet - 



identifier in the packet . 



16. (Currently amended) A -The computer-readable medium 
sequences of instructions, which when executed by one oi 




processors, 
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or more processors to carry out the steps recited in of claim- ^ 14 wherein said identifier is 
based on at least on an Internet Key Exchange (IKE) ID stored in the packet . 

17. (Currently amended) A -The computer-readable medium comprising one or more 

sequences of instructions, which when executed by one or more processors, cause the one 

or more processors to carry out the steps recited in of claim- 4 14 wherein the Internet Key 

Exchange (IKE) ID comprises one or more of ID IPV4 ADDR, ID FQDN, 

ID USER FODN, ID IPV4 ADDR SUBNET, ID IPV6 ADDR, 

ID IPV6 ADDR SUBNET, ID IPV4 ADDR RANGE, ID IPV6 ADDR RANGE, 

ID PER ASN1 DN, ID PER ASN1 GN, and ID KEY ID . 



(Currently amended) A -The computer-readable medium e 
sequences of instructions, which when executed by one or more processors, cause the one 
or more processors to carry out the steps recited in of claim-§ - 14 wherein the identifier is 
based on at least an entry in a security association database . 



19. (Currently amended) A -The computer-readable medium comprising one or more 

sequences of instructions, which when executed by one or more processors, cause the o 
or more processors to carry out the steps recited in of claim #14 wherein said identifier 
maps to a quality of service (QoS) group . 



20. (Currently amended) A -The computer-readable medium e 
sequences of instructions, which when executed by on 



or more processors to carry out the steps recited in of claim 7 -15 wherein the identifier is 
established in a profile of the packet . 



21. (Currently amended) A -The computer-readable medium e 

sequences of instructions, which when executed by one or more processors, cause the one 
or more processors to carry out the steps recited in of claim &20 wherein the profile is an 
ISAKMP profile . 
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22. (Currently amended) A -The computer-readable medium of claim 15 further comprising 
one or more sequences of instructions, which when executed by one or more processors, 
cause the one or more processors to carry ou t the steps recited in claim 9 pre- 
classification of the packet prior to the encryption . 



23. (Currently amended) A -The computer-readable medium comprising one or more 
sequences o f instructions, which when executed by one or more processors, cause the 
or more processors to carry out the steps recited in claim i Q22 wherein the quality of 
service that is applied is selected based on both the identifier and pre-classification . 

24. -26. (Canceled) 



27. (Currently amended) An apparatus for applying a quality of service to an encrypted 
packet comprising: 

means for receiving and storing an identifier associated with the quality of service during 

initial establishment of a secure control channel; 
means for examining an encrypted packet; 

means for determining , without decrypting the encrypted packet, whether an-the identifier 
associated with the quality of service is present in a profile portion of the 
encrypted packet; 

means, responsive to the determining means, for applying the quality of service to the 
encrypted packet if it is determined that the identifier is present in the encrypted 
packet. 



28. (Previously presented) The apparatus of claim 27, further comprising means, 

operable before the examining means, for encrypting the packet, wherein the means for 
encryption includes means for establishing said identifier in the packet. 



(Original) The apparatus of claim 27, wherein said identifier is based on at least on 
an Internet Key Exchange (IKE) ID stored in the packet. 
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30. (Original) The apparatus of claim 29, wherein the Internet Key Exchange (IKE) ID 
comprises one or more of ID_IPV4_ADDR, ID_FQDN, ID_USER_FQDN, 
ID_IPV4_ADDR_SUBNET, ID_IPV6_ADDR, ID_IPV6_ADDR_SUBNET, 
ID_IPV4_ADDR_RANGE, ID_IPV6_ADDR_RANGE, ID_DER_ASN1_DN, 
ID_DER_ASN 1_GN, and ID_KEY_ID. 

31. (Original) The apparatus of claim 27, wherein the identifier is based on at least an 
entry in a security association database. 

32. (Previously presented) The apparatus of claim 27, wherein said identifier maps to a 
quality of service (QoS) group. 

33. -36. (Canceled) 

37. (Currently amended) An apparatus for applying a quality of service to an encrypted 
packet comprising: 
one or more processors; 

memory communicatively coupled to the one or more processors; 

one or more sequences of instructions in the memory for applying a quality of service to 
an encrypted packet, which instructions, when executed by the one or more 
processors, cause the one or more processors to perform the steps of: 

during initial establishment of a secure control channel, receiving and storing an 
identifier associated with the quality of service; 

examining an encrypted packet; 

without decrypting the encrypted packet, determining whether an- the identifier associated 
with the quality of service is present in a profile portion of the encrypted packet; 

in response to determining that the identifier is present in the encrypted packet, applying 
the quality of service to the encrypted packet. 



50325-0783 



7 



38. (Previously presented) The apparatus of claim 37, further comprising sequences of 
instructions for performing the steps of: 

before the examining: 

encrypting the packet, wherein said step of encryption includes establishing said 
identifier in the packet. 

39. (Original) The apparatus of claim 37, wherein said identifier is based on at least on 
an Internet Key Exchange (IKE) ID stored in the packet. 

40. (Original) The apparatus of claim 39, wherein the Internet Key Exchange (IKE) ID 
comprises one or more of ID_IPV4_ADDR, ID_FQDN, ID_USER_FQDN, 
ID_IPV4_ADDR_SUBNET, ID_IPV6_ADDR, ID_IPV6_ADDR_SUBNET, 
ID_IPV4_ADDR_RANGE, ID_IP V6_ADDR_R ANGE , ID_DER_ASN1_DN, 
ID_DER_ASN 1_GN, and ID_KEY_ID. 

41. (Original) The apparatus of claim 37, wherein the identifier is based on at least an 
entry in a security association database. 

42. (Previously presented) The apparatus of claim 37, wherein said identifier maps to a 
quality of service (QoS) group. 

43. (Original) The apparatus of claim 38, wherein the identifier is established in a profile 
of the packet. 

44. (Original) The apparatus of claim 43, wherein the profile is an ISAKMP profile. 

45. (Original) The apparatus of claim 38, further comprising a step of pre-classification 
of the packet prior to the step of encryption. 
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46. (Previously presented) The apparatus of claim 45, wherein the quality of service 
that is applied is selected based on both the identifier and pre-classification. 

47. (Previously presented) The apparatus of claim 28, wherein the identifier is 
established in a profile of the packet. 

48. (Previously presented) The apparatus of claim 33, wherein the profile is an 
ISAKMP profile. 

49. (Previously presented) The apparatus of claim 28, further comprising means for 
pre-classification of the packet prior to the step of encryption. 

50. (Previously presented) The apparatus of claim 35, comprising means for selecting 
the quality of service that is applied based on both the identifier and pre-classification. 
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